Netctl and mac address spoofing

I was wondering if netctl has the option to set parameters on the NIC like PRE_UP in netcfg. My server has a spoofed MAC address and using netcfg I am able to change the MAC address before the card is initialized using the PRE_UP parameter in the config file. Is this possible with netctl?

Re: Netctl and mac address spoofing

Yes this is what I saw in the man pages and your suggestion is one I hadn't thought of. So thank you!

Also, I would have thought that a PRE_UP command or something similar would have been implemented before pushing out. Does anyone know if this will be put into netctl or where one can request future "features"?

Re: Netctl and mac address spoofing

I read a bug report about the same, where a PRE_UP was requested, but jouke simply pointed to the fact that you can create a systemd unit to get the same result. So I don't think implementing PRE_UP is high on his todo list.

This way, unit_to_spoof_mac.service will be started whenever the netctl@<profile>.service unit is started. Also, when the netctl unit is stopped, the MAC address will not return to its original (unspoofed) value.
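
One way to wire up the arrangement described in the post above, as an added example that is not part of the original post or of netctl itself. The interface name `eth0`, the profile name `myprofile`, the drop-in file name and the MAC address are assumptions; the address is a constructed, locally administered value.

```ini
# File 1: /etc/systemd/system/unit_to_spoof_mac.service
# Assumed interface: eth0. Assumed (constructed) address: 02:00:00:00:00:01.
[Unit]
Description=Set the MAC address of eth0 before the netctl profile starts
# Only run once the kernel has registered the interface.
BindsTo=sys-subsystem-net-devices-eth0.device
After=sys-subsystem-net-devices-eth0.device

[Service]
# oneshot without RemainAfterExit: the unit goes inactive after it has run,
# so it is started again each time the netctl profile is started.
Type=oneshot
# Many drivers only accept an address change while the link is down.
ExecStart=/usr/bin/ip link set dev eth0 down
ExecStart=/usr/bin/ip link set dev eth0 address 02:00:00:00:00:01
# No ExecStop: stopping the profile leaves the address as set.

# File 2: /etc/systemd/system/netctl@myprofile.service.d/spoof-mac.conf
# Drop-in for the (assumed) profile "myprofile".
[Unit]
# Requires= pulls the spoofing unit in; After= orders it first.
# With both set, a failed ExecStart above makes the profile's start job
# fail instead of bringing the link up with the hardware address.
Requires=unit_to_spoof_mac.service
After=unit_to_spoof_mac.service
```

Run `systemctl daemon-reload` after creating the files; `systemctl status unit_to_spoof_mac.service` then shows whether the address change succeeded.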

Re: Netctl and mac address spoofing

I finally made the switch to netctl today and was completely surprised that they had removed stable features of netcfg. Manually hacking together custom service files and forcing users to fully enable profiles just to get per-profile pre-up and post-down behavior is unreasonable. It is also logically inconsistent given that post-up and pre-down exist.

I have uploaded a patched version that provides support for ExecUpPre and ExecDownPost. Please get it here and test it. If it works as intended then I will likely try to get it included upstream.

For now I have only edited the lib/network file, which seems to work when starting and stopping services manually with netctl. I suspect that hooks are required in lib/auto.action as well, but I'm not sure. Feel free to submit patches or suggest ways to add the hooks there.

Re: Netctl and mac address spoofing

Xyne wrote:

I finally made the switch to netctl today and was completely surprised that they had removed stable features of netcfg. Manually hacking together custom service files and forcing users to fully enable profiles just to get per-profile pre-up and post-down behavior is unreasonable. It is also logically inconsistent given that post-up and pre-down exist.

Except that... it is consistent. The logic of netctl is basically "remove everything which can be done outside of netctl". The PRE_UP and POST_DOWN hooks can be implemented via systemd, as others have pointed out. PRE_DOWN can't be done using other tools.

I'm not sure why POST_UP is there, as it can be implemented using systemd's ExecStartPost.

Xyne wrote:

I have uploaded a patched version that provides support for ExecUpPre and ExecDownPost. Please get it here and test it. If it works as intended then I will likely try to get it included upstream.

Please don't. This has already been discussed: https://github.com/joukewitteveen/netctl/issues/12 . The truth is that netctl has no way of properly handling the execution of specified commands (what if a command fails or is mistyped). My understanding is that people have misused the hooks heavily in the past, so they have been removed.

If you really want to do something about netctl, I'd create a unit generator which would add systemd Exec* hooks based on netctl profile hooks, and remove all hook handling from netctl...

Re: Netctl and mac address spoofing

My understanding is that people have misused the hooks heavily in the past, so they have been removed.

What is the logic there? If something is "heavily misused" that generally means that it is useful, no?

I don't see how user incompetence is an argument against a feature, especially on Arch. If a user can't type a command correctly or write a script to handle failure, it shouldn't force everyone else to give up the feature.

As for "remove everything which can be done outside of netctl", that would be everything that netctl does. You can manually set up all of your connections, both wired and wireless, without netctl. You can write custom unit files for all such actions.

Surely the point of netctl is to provide a simple interface for managing network connections in a consistent manner, not to apply a jagged Occam's razor.

Please feel free to point me to documentation that allows me to easily enable per-profile pre-up and post-down actions without having systemd services enabled (i.e. I want these actions to be run when starting and stopping services manually). I'll maintain my simple patch as long as I find it useful. Anyone else who would rather add one simple line per-profile rather than clutter up the systemd dir with extra files while faffing about with custom units is welcome to use it.

Re: Netctl and mac address spoofing

My understanding is that people have misused the hooks heavily in the past, so they have been removed.

What is the logic there? If something is "heavily misused" that generally means that it is useful, no?

I don't see how user incompetence is an argument against a feature, especially on Arch. If a user can't type a command correctly or write a script to handle failure, it shouldn't force everyone else to give up the feature.

It's not "incompetence" per se, but rather absence of knowledge regarding netctl internals. If you pass a command to a piece of software, you expect it to be handled properly, no (otherwise the software is a hack)? Handling hooks properly in a bash script is cumbersome at best (what if a command fails/arguments are wrong, etc.). OTOH, systemd is pretty good at tracking processes, so why not let it do its job? As you said, Arch is meant for competent users, so what's the issue with editing systemd unit configs?

Xyne wrote:

As for "remove everything which can be done outside of netctl", that would be everything that netctl does. You can manually set up all of your connections, both wired and wireless, without netctl. You can write custom unit files for all such actions.

True, and that's how many people do simple network config. Just search the forums: for a laptop all you need is wpa_supplicant+dhcpcd wrapped in one systemd unit.

But the key word here is "simple". For example, I have 3 bridges on my server, and I'd like to have 1 script to handle them, not 3 nearly identical ones.

Xyne wrote:

Surely the point of netctl is to provide a simple interface for managing network connections in a consistent manner, not to apply a jagged Occam's razor.

Please feel free to point me to documentation that allows me to easily enable per-profile pre-up and post-down actions without having systemd services enabled (i.e. I want these actions to be run when starting and stopping services manually). I'll maintain my simple patch as long as I find it useful. Anyone else who would rather add one simple line per-profile rather than clutter up the systemd dir with extra files while faffing about with custom units is welcome to use it.

You have to be careful with the "per profile" logic. If profiles are switched dynamically and each includes a hook, how do you undo (within netctl) the effects of hook_1 before hook_2 is executed? Moreover, most of the time, hook commands are really configurations. The present case is one example. Another example is interface renaming. Would you do it through a hook or systemd/udevd config?